PEAP vs. TTLS and forward secrecy (was: Re: WPA2 Client Authentication using Radius and remote LDAP server)

Hans-Christian Esperer hc at
Thu Sep 20 17:00:26 CEST 2018

On Thu, Sep 20, 2018 at 10:46:45AM -0400, Alan DeKok wrote:
> > Now I wonder whether EAP-PWD, which uses a PSK per user, also provides forward
> > secrecy? My assumption is that it doesn't.
>   Forward secrecy depends on the cipher suite you select.  So "it all depends" is the best answer.

I just discussed on the #freeradius irc channel: Apparently EAP-PWD always
guarantees forward secrecy. 7.b.2.
(Security claims)


More information about the Freeradius-Users mailing list